Package: dovecot Severity: grave Tags: security Justification: user security hole
This entry from http://www.dovecot.org/list/dovecot-news/2012-November/000235.html was assigned CVE-2012-5620: > imap: Fixed crash when SEARCH contained multiple KEYWORD parameters. Fix: http://hg.dovecot.org/dovecot-2.1/rev/0306792cc843 The posting on oss-security claims 1.2 doesn't contain the affected code: http://seclists.org/oss-sec/2012/q4/395 However, mail_search_keywords_merge() also exists in 1.2.15 from Squeeze, so this needs further investigation or clarification from upstream. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
